У меня Postfix 2.7 установлен в Ubuntu 10.04 LTS.
Когда я пытаюсь отправить письмо из Outlook (с SMTP-аутентификацией) в учетную запись Gmail (или другую), мне отказывают в доступе к ретрансляции.
Журнал (я подделал электронные письма):
Feb 24 16:49:16 vm1613 imapd: Connection, ip=[::ffff:95.239.57.160]
Feb 24 16:49:16 vm1613 imapd: LOGIN, user=real.user@example.com, ip=[::ffff:95.239.57.160], port=[52330], protocol=IMAP
Feb 24 16:49:16 vm1613 imapd: Connection, ip=[::ffff:95.239.57.160]
Feb 24 16:49:16 vm1613 imapd: LOGIN, user=real.user@example.com, ip=[::ffff:95.239.57.160], port=[52331], protocol=IMAP
Feb 24 16:49:17 vm1613 imapd: Connection, ip=[::ffff:95.239.57.160]
Feb 24 16:49:17 vm1613 imapd: LOGIN, user=real.user@example.com, ip=[::ffff:95.239.57.160], port=[52332], protocol=IMAP
Feb 24 16:49:18 vm1613 imapd: Connection, ip=[::ffff:95.239.57.160]
Feb 24 16:49:18 vm1613 imapd: Connection, ip=[::ffff:95.239.57.160]
Feb 24 16:49:18 vm1613 imapd: LOGIN, user=real.user@example.com, ip=[::ffff:95.239.57.160], port=[52334], protocol=IMAP
Feb 24 16:49:18 vm1613 imapd: LOGIN, user=real.user@example.com, ip=[::ffff:95.239.57.160], port=[52335], protocol=IMAP
Feb 24 16:49:22 vm1613 postfix/smtpd[7157]: warning: 95.239.57.160: hostname host160-57-dynamic.239-95-r.retail.telecomitalia.it verification failed: Name or service not known
Feb 24 16:49:22 vm1613 postfix/smtpd[7157]: connect from unknown[95.239.57.160]
Feb 24 16:49:22 vm1613 postfix/smtpd[7157]: NOQUEUE: reject: RCPT from unknown[95.239.57.160]: 554 5.7.1 <real.user@gmail.com>: Relay access denied; from=<real.user@example.com> to=<real.user@gmail.com> proto=ESMTP helo=<AllePC>
почему это произошло? У меня уже было permit_sasl_authenticated
в smtpd_recipient_restrictions
root@vm1613:/etc/postfix# postconf smtpd_recipient_restrictions
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
postconf -n
вывод
root@vm1613:~# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
disable_vrfy_command = yes
inet_interfaces = all
mailbox_size_limit = 0
message_size_limit = 0
mydestination = $mydomain, $myhostname, localhost, localhost.localdomain
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks_style = host
myorigin = /etc/mailname
readme_directory = no
receive_override_options = no_address_mappings
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = permit_mynetworks
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated, check_client_access pcre:/var/spool/postfix/plesk/non_auth.re
smtpd_tls_cert_file = /etc/ssl/private/vm1613.cs17.seeweb.it.crt
smtpd_tls_key_file = /etc/ssl/private/vm1613.cs17.seeweb.it.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = mysql:/etc/postfix/maps/alias.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_domains = mysql:/etc/postfix/maps/domain.cf
virtual_mailbox_limit = 0
virtual_mailbox_maps = mysql:/etc/postfix/maps/user.cf
virtual_uid_maps = static:5000
saslfinger -s
вывод
saslfinger - postfix Cyrus sasl configuration Sun Feb 24 23:23:50 CET 2013
version: 1.0.4
mode: server-side SMTP AUTH
-- basics --
Postfix: 2.7.0
System: Ubuntu 10.04.4 LTS \n \l
-- smtpd is linked to --
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00007f66614f3000)
-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/ssl/private/vm1613.cs17.seeweb.it.crt
smtpd_tls_key_file = /etc/ssl/private/vm1613.cs17.seeweb.it.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
-- listing of /usr/lib64/sasl2 --
total 1044
drwxr-xr-x 2 root root 4096 Nov 11 15:33 .
drwxr-xr-x 66 root root 20480 Feb 22 06:27 ..
-rw-r--r-- 1 root root 20092 Mar 31 2010 libanonymous.a
-rw-r--r-- 1 root root 990 Mar 31 2010 libanonymous.la
-rw-r--r-- 1 root root 18528 Mar 31 2010 libanonymous.so
-rw-r--r-- 1 root root 18528 Mar 31 2010 libanonymous.so.2
-rw-r--r-- 1 root root 18528 Mar 31 2010 libanonymous.so.2.0.23
-rw-r--r-- 1 root root 23802 Mar 31 2010 libcrammd5.a
-rw-r--r-- 1 root root 976 Mar 31 2010 libcrammd5.la
-rw-r--r-- 1 root root 22624 Mar 31 2010 libcrammd5.so
-rw-r--r-- 1 root root 22624 Mar 31 2010 libcrammd5.so.2
-rw-r--r-- 1 root root 22624 Mar 31 2010 libcrammd5.so.2.0.23
-rw-r--r-- 1 root root 65912 Mar 31 2010 libdigestmd5.a
-rw-r--r-- 1 root root 999 Mar 31 2010 libdigestmd5.la
-rw-r--r-- 1 root root 51752 Mar 31 2010 libdigestmd5.so
-rw-r--r-- 1 root root 51752 Mar 31 2010 libdigestmd5.so.2
-rw-r--r-- 1 root root 51752 Mar 31 2010 libdigestmd5.so.2.0.23
-rw-r--r-- 1 root root 20590 Mar 31 2010 liblogin.a
-rw-r--r-- 1 root root 970 Mar 31 2010 liblogin.la
-rw-r--r-- 1 root root 18520 Mar 31 2010 liblogin.so
-rw-r--r-- 1 root root 18520 Mar 31 2010 liblogin.so.2
-rw-r--r-- 1 root root 18520 Mar 31 2010 liblogin.so.2.0.23
-rw-r--r-- 1 root root 42012 Mar 31 2010 libntlm.a
-rw-r--r-- 1 root root 964 Mar 31 2010 libntlm.la
-rw-r--r-- 1 root root 34904 Mar 31 2010 libntlm.so
-rw-r--r-- 1 root root 34904 Mar 31 2010 libntlm.so.2
-rw-r--r-- 1 root root 34904 Mar 31 2010 libntlm.so.2.0.23
-rw-r--r-- 1 root root 20454 Mar 31 2010 libplain.a
-rw-r--r-- 1 root root 970 Mar 31 2010 libplain.la
-rw-r--r-- 1 root root 18520 Mar 31 2010 libplain.so
-rw-r--r-- 1 root root 18520 Mar 31 2010 libplain.so.2
-rw-r--r-- 1 root root 18520 Mar 31 2010 libplain.so.2.0.23
-rw-r--r-- 1 root root 30332 Mar 31 2010 libsasldb.a
-rw-r--r-- 1 root root 1001 Mar 31 2010 libsasldb.la
-rw-r--r-- 1 root root 22464 Mar 31 2010 libsasldb.so
-rw-r--r-- 1 root root 22464 Mar 31 2010 libsasldb.so.2
-rw-r--r-- 1 root root 22464 Mar 31 2010 libsasldb.so.2.0.23
-rw-r--r-- 1 root root 35984 Mar 31 2010 libsql.a
-rw-r--r-- 1 root root 1099 Mar 31 2010 libsql.la
-rw-r--r-- 1 root root 30736 Mar 31 2010 libsql.so
-rw-r--r-- 1 root root 30736 Mar 31 2010 libsql.so.2
-rw-r--r-- 1 root root 30736 Mar 31 2010 libsql.so.2.0.23
-rw-r--r-- 1 root root 18712 Aug 1 2011 libsqlite.so
-- listing of /usr/lib/sasl2 --
total 1044
drwxr-xr-x 2 root root 4096 Nov 11 15:33 .
drwxr-xr-x 66 root root 20480 Feb 22 06:27 ..
-rw-r--r-- 1 root root 20092 Mar 31 2010 libanonymous.a
-rw-r--r-- 1 root root 990 Mar 31 2010 libanonymous.la
-rw-r--r-- 1 root root 18528 Mar 31 2010 libanonymous.so
-rw-r--r-- 1 root root 18528 Mar 31 2010 libanonymous.so.2
-rw-r--r-- 1 root root 18528 Mar 31 2010 libanonymous.so.2.0.23
-rw-r--r-- 1 root root 23802 Mar 31 2010 libcrammd5.a
-rw-r--r-- 1 root root 976 Mar 31 2010 libcrammd5.la
-rw-r--r-- 1 root root 22624 Mar 31 2010 libcrammd5.so
-rw-r--r-- 1 root root 22624 Mar 31 2010 libcrammd5.so.2
-rw-r--r-- 1 root root 22624 Mar 31 2010 libcrammd5.so.2.0.23
-rw-r--r-- 1 root root 65912 Mar 31 2010 libdigestmd5.a
-rw-r--r-- 1 root root 999 Mar 31 2010 libdigestmd5.la
-rw-r--r-- 1 root root 51752 Mar 31 2010 libdigestmd5.so
-rw-r--r-- 1 root root 51752 Mar 31 2010 libdigestmd5.so.2
-rw-r--r-- 1 root root 51752 Mar 31 2010 libdigestmd5.so.2.0.23
-rw-r--r-- 1 root root 20590 Mar 31 2010 liblogin.a
-rw-r--r-- 1 root root 970 Mar 31 2010 liblogin.la
-rw-r--r-- 1 root root 18520 Mar 31 2010 liblogin.so
-rw-r--r-- 1 root root 18520 Mar 31 2010 liblogin.so.2
-rw-r--r-- 1 root root 18520 Mar 31 2010 liblogin.so.2.0.23
-rw-r--r-- 1 root root 42012 Mar 31 2010 libntlm.a
-rw-r--r-- 1 root root 964 Mar 31 2010 libntlm.la
-rw-r--r-- 1 root root 34904 Mar 31 2010 libntlm.so
-rw-r--r-- 1 root root 34904 Mar 31 2010 libntlm.so.2
-rw-r--r-- 1 root root 34904 Mar 31 2010 libntlm.so.2.0.23
-rw-r--r-- 1 root root 20454 Mar 31 2010 libplain.a
-rw-r--r-- 1 root root 970 Mar 31 2010 libplain.la
-rw-r--r-- 1 root root 18520 Mar 31 2010 libplain.so
-rw-r--r-- 1 root root 18520 Mar 31 2010 libplain.so.2
-rw-r--r-- 1 root root 18520 Mar 31 2010 libplain.so.2.0.23
-rw-r--r-- 1 root root 30332 Mar 31 2010 libsasldb.a
-rw-r--r-- 1 root root 1001 Mar 31 2010 libsasldb.la
-rw-r--r-- 1 root root 22464 Mar 31 2010 libsasldb.so
-rw-r--r-- 1 root root 22464 Mar 31 2010 libsasldb.so.2
-rw-r--r-- 1 root root 22464 Mar 31 2010 libsasldb.so.2.0.23
-rw-r--r-- 1 root root 35984 Mar 31 2010 libsql.a
-rw-r--r-- 1 root root 1099 Mar 31 2010 libsql.la
-rw-r--r-- 1 root root 30736 Mar 31 2010 libsql.so
-rw-r--r-- 1 root root 30736 Mar 31 2010 libsql.so.2
-rw-r--r-- 1 root root 30736 Mar 31 2010 libsql.so.2.0.23
-rw-r--r-- 1 root root 18712 Aug 1 2011 libsqlite.so
-- listing of /etc/postfix/sasl --
total 16
drwxr-xr-x 2 root root 4096 Nov 11 16:32 .
drwxr-xr-x 4 root root 4096 Feb 24 17:39 ..
-rwx------ 1 root root 243 Nov 11 16:32 smtpd.conf
-rw-r--r-- 1 root root 403 Nov 11 16:32 smtpd.conf.backup
-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
auxprop_plugin: sql
mech_list: plain login
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: --- replaced ---
sql_passwd: --- replaced ---
sql_database: mail
sql_select: SELECT password FROM user WHERE email='%u@%r' AND enabled = 1
-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
auxprop_plugin: sql
mech_list: plain login
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: --- replaced ---
sql_passwd: --- replaced ---
sql_database: mail
sql_select: SELECT password FROM user WHERE email='%u@%r' AND enabled = 1
-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
smtp inet n - - - - smtpd
smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
submission inet n - - - - smtpd
pickup fifo n - - 60 1 pickup
-o content_filter=
-o receive_override_options=no_header_body_checks
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
-o smtp_fallback_relay=
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
-- mechanisms on localhost --
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
-- end of saslfinger output --
Я следил это руководство.
Ваш почтовый клиент на самом деле не прошел аутентификацию.
Вы уверены, что правильно настроили Outlook для подключения к порту 587 и присвоили ему имя пользователя и пароль?